WebGL on WSS connection: Failed to construct 'WebSocket'

I’m developing a multiplayer game with a WebGL client that connects to a Linux server with Unity Game Hosting platform (Multiplay).

My WebGL client is hosted over HTTPS, so I get this error:

The page at ‘https://…’ was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint ‘ws://3X.XX.XX.XXX:9000/’. This request has been blocked; this endpoint must be available over WSS.

It is as if the client, by default, is using ws and not wss to connect to the server.

I believe that the server side (Unity Multiplay) is correctly configured. In the log I don’t get any clue of the connection type (ws or wss).

By the way, I don’t get any error when I try from localhost (http not https) with xampp.

So, is there any special configuration when building the WebGL client? (or maybe in its hosting? I’m using BanaHosting (shared), which works fine with Gzip or Brotli without fallback with some warnings)? Or when building the server executable?

Or in the code when starting client or server?

I am using this method for both client and server, passing the IpAddress and Port:

Server:

ServerConfig serverConfig = MultiplayService.Instance.ServerConfig;
NetworkManager.Singleton.GetComponent<UnityTransport>().SetConnectionData(serverConfig.IpAddress, serverConfig.Port, "0.0.0.0");
NetworkManager.Singleton.StartServer();

Client:

NetworkManager.Singleton.GetComponent<UnityTransport>().SetConnectionData(_ipAddressField.text, ushort.Parse(_portField.text));
NetworkManager.Singleton.StartClient();

And this is my Unity Transport configuration. For both it is the same (server and client):
[Screenshot: unity-transport.png]

And by the way, this is the log of my test allocation:

StartServer

ServerConfig:
ServerId: 690X290X
AllocationId: 6a6f592X-cbc6-4fXd-8c24-fX15cb4cdXb8
IpAddress: 3X.9X.1XX.1XX
Port: X000
QueryPort: X010
LogDirectory: /mnt/unity/logs/

StartServerQueryHandlerAsync
SQP server: SQP server started on 0.0.0.0:X010

[Netcode] StartServer
[Netcode] Initialize

I hope you can help me and that it can be useful for others who have the same problem. Thanks in advance!

Hi, did you solve this issue?

I am also having this issue and finding no good information from Unity. I just followed both a Jason Weimann and a Codemonkey tutorial; both projects are having the same issue. It’s like Unity Multiplay is not allowing WSS.

Hi,

Unfortunately Multiplay Hosting does not currently support WSS. Could you please give me more information about the services you use and the versions so we can find the best alternative?

  • Which Unity version do you use? 2022 LTS / Unity6
  • Since you are using Multiplay Hosting, I assume you use Matchmaker as well, could you please confirm it is the case?
  • I also see code snippets of the NetworkManager in @salavideoclase7's original post, could you please confirm if you are also using Netcode for GameObjects or Netcode for Entities?

Is it because Multiplay doesn’t have a configured SSL certificate for secure web socket connections?

Is there any workaround at the moment?

The current workaround is to leverage a listen server that supports wss as the connection point into the Multiplay dedicated game server. So you’d connect to something like Unity Relay from the server and then give that proxy connection info to the clients via a Lobby or other out of band mechanism. We have a number of customers who have done this flow. Be aware that the current Relay free-tier covers a generous amount of player network usage, but if you’re expecting significant network traffic you would get billed for both the relay and dedicated server traffic.

Other folks have enabled their servers with certs and have a connection flow that leverages them. I’m not sure if they manage to do that without DNS lookups or handle that with a lightweight service as I’ve not actually seen implementations. If attempting that, the following Unity Transport documentation should be reviewed:

  1. WebGL support | Unity Transport | 2.4.0
  2. Encrypted communications | Unity Transport | 2.4.0

Hey, thanks for helping out. Managed to connect to the server by creating manual certs to a DNS and pointing that to the server. And by setting client secrets and server secrets in the client and server.

Hi dulan, I’d really appreciate if you explain this in a bit more detail please.

Hey. I’m not sure whether this is an optimal solution. Works though.

1) Point your domain to the Multiplay server IP.
2) Use certbot and generate manual SSL certs for your domain (use a Linux environment).
3) Set up your client and server as per these docs.

Should work.

How does this solution work when Multiplay server IPs are dynamically allocated? Won’t you need some more involved proxy setup?

I’ve tried setting up communications with Multiplay server and clients using Relay, but am not managing to establish a connection when using websocket interface on the server.

If I use UDP on server and WSS on client via Relay, they connect, but Netcode Entities handshake fails (assuming this is due to client traffic being encrypted?).

In my case, I only needed a single IP (since my social interaction game has to have a single persistent server), so I started a server manually from the Multiplay dashboard and connected directly to that IP. I don’t even need a relay for this.
Since Multiplay doesn’t support WSS, I used WS in the server build and WSS in the client WebGL build. In between, I set up a reverse proxy server (using Nginx on a VPS) that accepted WSS requests from clients and forwarded them to the game server.

Thanks for the context @mafiasniper that makes sense.

Would you mind sharing the NGINX config you ended up with? I was on this path initially but got stuck on some incorrect setup that caused Unity Transport to fail during TLS handshake.

I had to set up SSL for my domain to receive the WSS requests and then direct those requests to non-WSS multiplay server IP.
You just have to add another server block in your default config file, it goes like this.
(DOMAIN_NAME = my actual domain name)

server {
    listen 9000 ssl;
    server_name DOMAIN_NAME;

    # SSL certificates
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Reverse proxy configuration
    location / {
        proxy_pass http://MULTIPLAY_DEDICATED_SERVER_IP:PORT;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

With this setup, on the client build, I connect to my VPS (I used my domain name instead of my IP address on the transport component, and port 9000).

1 Like
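
A variant of the server block above, shown as an added example (not the poster's config): it additionally forwards the WebSocket `Upgrade` and `Connection` headers, which nginx's WebSocket proxying documentation says must be set explicitly, and raises the proxy timeouts. `DOMAIN_NAME`, `MULTIPLAY_DEDICATED_SERVER_IP` and `PORT` are the post's placeholders; the timeout value is an assumption.

```nginx
# Added example. DOMAIN_NAME, MULTIPLAY_DEDICATED_SERVER_IP and PORT are the
# same placeholders used in the post above.

# Goes in the http {} context: send "Connection: upgrade" upstream only when
# the client actually asked for a protocol upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 9000 ssl;
    server_name DOMAIN_NAME;

    ssl_certificate     /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # TLS ends at this proxy; the hop to the game server is plain ws://.
        proxy_pass http://MULTIPLAY_DEDICATED_SERVER_IP:PORT;

        # Upgrade and Connection are hop-by-hop headers, so nginx does not
        # forward them unless told to. HTTP/1.1 is required for the upgrade.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # nginx closes a proxied connection that is silent for longer than
        # the 60s default; raise the limits for long-lived game sockets
        # (value is an assumption, tune to the game's traffic pattern).
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
```

In this layout only the browser-to-proxy leg is encrypted: traffic between the VPS and the Multiplay server crosses the network as plain ws, and the game server's own port stays directly reachable, so the proxy provides transport encryption for WebGL clients rather than access control.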

Thank you @mafiasniper, much appreciated! I’m going to try it out. I had a similar setup to what you shared but I can see a few SSL config settings in yours that I probably missed.

1 Like

Leaving this solution here because it took me forever to find and maybe it will save others some time. It’s a practical example of how to use Relay with a dedicated server to be able to connect clients over wss. How can I Activate SSL for my WebGL client to work with Netcode server, while being hosted in HTTPS pages (like Itch.io) - #11 by ANLevant

1 Like